mirror of
https://github.com/fosrl/pangolin.git
synced 2026-02-15 09:26:40 +00:00
add add/remove user/roles to siteResources/resources to integration api
This commit is contained in:
miloschwartz
@@ -11,7 +11,9 @@ export async function verifyApiKeySetResourceUsers(
|
||||
next: NextFunction
|
||||
) {
|
||||
const apiKey = req.apiKey;
|
||||
const userIds = req.body.userIds;
|
||||
const singleUserId = req.params.userId || req.body.userId || req.query.userId;
|
||||
const { userIds } = req.body;
|
||||
const allUserIds = userIds || (singleUserId ? [singleUserId] : []);
|
||||
|
||||
if (!apiKey) {
|
||||
return next(
|
||||
@@ -33,11 +35,7 @@ export async function verifyApiKeySetResourceUsers(
|
||||
);
|
||||
}
|
||||
|
||||
if (!userIds) {
|
||||
return next(createHttpError(HttpCode.BAD_REQUEST, "Invalid user IDs"));
|
||||
}
|
||||
|
||||
if (userIds.length === 0) {
|
||||
if (allUserIds.length === 0) {
|
||||
return next();
|
||||
}
|
||||
|
||||
@@ -48,12 +46,12 @@ export async function verifyApiKeySetResourceUsers(
|
||||
.from(userOrgs)
|
||||
.where(
|
||||
and(
|
||||
inArray(userOrgs.userId, userIds),
|
||||
inArray(userOrgs.userId, allUserIds),
|
||||
eq(userOrgs.orgId, orgId)
|
||||
)
|
||||
);
|
||||
|
||||
if (userOrgsData.length !== userIds.length) {
|
||||
if (userOrgsData.length !== allUserIds.length) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
|
||||
@@ -13,8 +13,6 @@ export async function verifyApiKeySiteResourceAccess(
|
||||
try {
|
||||
const apiKey = req.apiKey;
|
||||
const siteResourceId = parseInt(req.params.siteResourceId);
|
||||
const siteId = parseInt(req.params.siteId);
|
||||
const orgId = req.params.orgId;
|
||||
|
||||
if (!apiKey) {
|
||||
return next(
|
||||
@@ -22,11 +20,11 @@ export async function verifyApiKeySiteResourceAccess(
|
||||
);
|
||||
}
|
||||
|
||||
if (!siteResourceId || !siteId || !orgId) {
|
||||
if (!siteResourceId) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
"Missing required parameters"
|
||||
"Missing siteResourceId parameter"
|
||||
)
|
||||
);
|
||||
}
|
||||
@@ -41,9 +39,7 @@ export async function verifyApiKeySiteResourceAccess(
|
||||
.select()
|
||||
.from(siteResources)
|
||||
.where(and(
|
||||
eq(siteResources.siteResourceId, siteResourceId),
|
||||
eq(siteResources.siteId, siteId),
|
||||
eq(siteResources.orgId, orgId)
|
||||
eq(siteResources.siteResourceId, siteResourceId)
|
||||
))
|
||||
.limit(1);
|
||||
|
||||
@@ -64,11 +60,11 @@ export async function verifyApiKeySiteResourceAccess(
|
||||
.where(
|
||||
and(
|
||||
eq(apiKeyOrg.apiKeyId, apiKey.apiKeyId),
|
||||
eq(apiKeyOrg.orgId, orgId)
|
||||
eq(apiKeyOrg.orgId, siteResource.orgId)
|
||||
)
|
||||
)
|
||||
.limit(1);
|
||||
|
||||
|
||||
if (apiKeyOrgRes.length === 0) {
|
||||
return next(
|
||||
createHttpError(
|
||||
@@ -77,12 +73,11 @@ export async function verifyApiKeySiteResourceAccess(
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
req.apiKeyOrg = apiKeyOrgRes[0];
|
||||
}
|
||||
|
||||
// Attach the siteResource to the request for use in the next middleware/route
|
||||
// @ts-ignore - Extending Request type
|
||||
req.siteResource = siteResource;
|
||||
|
||||
return next();
|
||||
|
||||
@@ -95,7 +95,6 @@ export async function verifySiteResourceAccess(
|
||||
req.userOrgId = siteResource.orgId;
|
||||
|
||||
// Attach the siteResource to the request for use in the next middleware/route
|
||||
// @ts-ignore - Extending Request type
|
||||
req.siteResource = siteResource;
|
||||
|
||||
const roleResourceAccess = await db
|
||||
|
||||
Reference in New Issue
Block a user